ID
VAR-201511-0222
CVE
CVE-2015-6370
TITLE
Cisco Firepower 9000 Run on device Firepower Extensible Operating System In any OS Command root Vulnerabilities run as
Trust: 0.8
DESCRIPTION
The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows local users to execute arbitrary OS commands as root via crafted CLI input, aka Bug ID CSCux10578. The Cisco Firepower 9000 is a set of operating systems running on the 9000 Series firewall appliances from Cisco. A local command injection vulnerability exists in the Cisco Firepower 9000 Series. Allows a local attacker to exploit this vulnerability to execute arbitrary commands with root privileges. This issue being tracked by Cisco Bug ID's CSCux10576 and CSCux10578
Trust: 2.52
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | firepower extensible operating system | scope: | eq | version: | 1.1\(1.160\) | Trust: 1.6 |
| vendor: | cisco | model: | firepower extensible operating system | scope: | eq | version: | 1.1(1.160) | Trust: 0.8 |
| vendor: | cisco | model: | firepower extensible operating system on firepower devices | scope: | eq | version: | 1.1(1.160)9000 | Trust: 0.6 |
| vendor: | cisco | model: | firepower series | scope: | eq | version: | 90001.1(1.160) | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-78 | Trust: 1.9 |
THREAT TYPE
local
Trust: 0.9
TYPE
operating system commend injection
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | cisco-sa-20151116-fire1 | url: | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fire1 | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2015-6370 | Trust: 3.4 |
| db: | BID | id: | 77634 | Trust: 1.6 |
| db: | JVNDB | id: | JVNDB-2015-005971 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201511-312 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2015-07743 | Trust: 0.6 |
| db: | SEEBUG | id: | SSVID-89894 | Trust: 0.1 |
| db: | VULHUB | id: | VHN-84331 | Trust: 0.1 |
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151116-fire1 | Trust: 2.0 |
| url: | http://www.securityfocus.com/bid/77634 | Trust: 1.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6370 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6370 | Trust: 0.8 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
CREDITS
Cisco
Trust: 0.9
SOURCES
| db: | CNVD | id: | CNVD-2015-07743 |
| db: | VULHUB | id: | VHN-84331 |
| db: | BID | id: | 77634 |
| db: | JVNDB | id: | JVNDB-2015-005971 |
| db: | CNNVD | id: | CNNVD-201511-312 |
| db: | NVD | id: | CVE-2015-6370 |
LAST UPDATE DATE
2024-11-23T22:13:22.243000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2015-07743 | date: | 2015-11-24T00:00:00 |
| db: | VULHUB | id: | VHN-84331 | date: | 2015-11-19T00:00:00 |
| db: | BID | id: | 77634 | date: | 2015-11-17T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-005971 | date: | 2015-11-20T00:00:00 |
| db: | CNNVD | id: | CNNVD-201511-312 | date: | 2015-11-19T00:00:00 |
| db: | NVD | id: | CVE-2015-6370 | date: | 2024-11-21T02:34:52.390 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2015-07743 | date: | 2015-11-24T00:00:00 |
| db: | VULHUB | id: | VHN-84331 | date: | 2015-11-19T00:00:00 |
| db: | BID | id: | 77634 | date: | 2015-11-17T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-005971 | date: | 2015-11-20T00:00:00 |
| db: | CNNVD | id: | CNNVD-201511-312 | date: | 2015-11-19T00:00:00 |
| db: | NVD | id: | CVE-2015-6370 | date: | 2015-11-19T02:59:03.830 |